Bug 282633

Summary: security/step-certificates
Product: Ports & Packages Reporter: Vincent Bentley <vince>
Component: Individual Port(s)Assignee: Vladimir Druzenko <vvd>
Status: In Progress ---    
Severity: Affects Some People CC: mw, vvd
Priority: --- Keywords: easy
Version: LatestFlags: bugzilla: maintainer-feedback? (mw)
Hardware: Any   
OS: Any   

Description Vincent Bentley 2024-11-08 17:36:47 UTC 
There is a minor typographic error in the pkg info text that could trip up newbies during configuration.

The text says:

  service step_ca configure

It should say:

  service step-ca configure


To see the message, run the following command:

root@ca:~ # pkg info -D step-certificates
step-certificates-0.27.2_1:
On install:
================================================================================
Step Certificates requires additional configuration:

The simple way is via the service start script step_ca with:
service step_ca configure
When there is no configuration it will be created. User input is required!!!

The hard way would be manually via the step command.

Ensure to set the STEPPATH environment variable. This makes using the
commands much simpler.

Following are the defaults for step certificates and can be overridden by rc.conf variables::
* The service is run under user step customizable by step_ca_user
* The service is run inder group step customizable by step_ca_group
* The base directory used for storing CA information is step_ca_stepdir (%%PREFIX%%/etc/step)
* The CA informations is held under step_ca_steppath (%%PREFIX%%/etc/step/ca)
* The password required for automatic startup is in step_ca_password (%%PREFIX%%/etc/step/password.txt)
* By default step certificates logs to syslog with a tag of step_ca

================================================================================

root@ca:~ #
Comment 1 Vladimir Druzenko freebsd_committer freebsd_triage 2024-11-08 22:54:39 UTC 
I think I can fix this without having to wait for maintainer approval.
Comment 2 Vladimir Druzenko freebsd_committer freebsd_triage 2024-11-09 00:00:59 UTC 
Check security/step-certificates/files/step-ca.in:
name="step_ca"
rcvar="step_ca_enable"

Are you sure "service step_ca configure" is incorrect?

IMHO, better to rename security/step-certificates/files/step-ca.in to security/step-certificates/files/step_ca.in and in Makefile "USE_RC_SUBR=step_ca".

I changed my mind - waiting maintainer.
Comment 3 Vincent Bentley 2024-11-10 16:52:10 UTC 
Personally I don't have a preference between '-' and '_'. However, I do prefer accurate instructions. Which is why I raised this issue as a typo for the instructions and not as a bug with the service itself.

I am not a FreeBSD package maintainer, so I am not familiar with FreeBSD packaging standards. Doing a search on services on the host, it already has a mix of services with hyphens and underscores. If underscores in service names are a standard to be followed by package maintainers, there will be more services to fix, ftp-proxy and os-release being two of them.

# service -l | grep -e '-' -e '_'
ftp-proxy
growfs_fstab
hostid_save
ipfw_netflow
ipropd_master
ipropd_slave
local_unbound
os-release
power_profile
rfcomm_pppd_server
static_arp
static_ndp
sysctl_lastload
var_run
wpa_supplicant
step-ca

If underscores replacing hyphens is a FreeBSD packaging standard, perhaps this should be added to the linting process of packages.
Comment 4 Markus Wipp 2024-11-12 07:41:20 UTC 
(In reply to Vladimir Druzenko from comment #2)
Hi,

thanks for bringing the issue up.
I agree, that there is an inconsistency. I remember that there were some
issues with the - or _ when I built that.

I would propose to have a look and if it can be fixed in a meaningful way.
I think though, that I have to be careful with this not breaking things and especially keep it stable/reliable for people already it in order to not break their scripts/settings etc.
Comment 5 Vladimir Druzenko freebsd_committer freebsd_triage 2024-11-13 13:36:53 UTC 
service(8) takes the name of the rc.d script as a parameter.
So if the script is named step-ca, the command should be "service step-ca *".
The script can check the "step_ca_enable" variable instead of "step-ca_enable".
But how should the "service step-ca enable" command work? Can you test this command.
I don't have this software installed.